Kerberos OpenLDAP Frontend g.w at
Mon Oct 8 10:01:41 EDT 2007

On Oct 5, 12:25pm, Simon Wilkinson wrote:
} Subject: Re: Kerberos OpenLDAP Frontend

Good morning to everyone, hope your week is starting out well.

> On 4 Oct 2007, at 19:02, Booker Bense wrote:
> >
> > The only reason to put in a LDAP back end is to simplify the
> > account management

> One thing I keep thinking about implementing is an LDAP->kadmin
> proxy. You'd still have the KDC database in the current DB format,
> but you'd be able to access it through an overlay on your OpenLDAP
> server, which would translate LDAP actions into kadmin RPCs.

Its the most reasoned and secure approach available for integrating
Kerberos and LDAP.

I've started bolting together a backend to OpenLDAP to implement this
functionality.  Its currently waiting for snow to overtake the
northern plains and force me off my bicycle and into the house in the
evenings... :-)

The main issue is an LDAP scheme to implement.  There are some bits
and pieces floating around but nothing I would consider definitive
beyond what Novell implemented for the back-end project.  Group
consensus on a suitable schema would be an important and enabling
first step.

> S.

Best wishes for a productive week.

}-- End of excerpt from Simon Wilkinson

As always,
Greg Wettstein

			 The Hurderos Project
         Open Identity, Service and Authorization Management

"We know that communication is a problem, but the company is not going
 to discuss it with the employees."
				-- Switching supervisor
				   AT&T Long Lines Division

More information about the Kerberos mailing list